Update release notes:

[FreeBSD/releng/7.2.git] / release / doc / en_US.ISO8859-1 / relnotes / article.sgml

<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [
<!ENTITY % articles.ent PUBLIC "-//FreeBSD//ENTITIES DocBook FreeBSD Articles Entity Set//EN">
%articles.ent;

<!ENTITY % release PUBLIC "-//FreeBSD//ENTITIES Release Specification//EN">
%release;
]>

<article>
  <articleinfo>
    <title>&os; &release.current; Release Notes</title>

    <corpauthor>The &os; Project</corpauthor>

    <pubdate>$FreeBSD$</pubdate>

    <copyright>
      <year>2000</year>
      <year>2001</year>
      <year>2002</year>
      <year>2003</year>
      <year>2004</year>
      <year>2005</year>
      <year>2006</year>
      <year>2007</year>
      <year>2008</year>
      <year>2009</year>
      <holder role="mailto:doc@FreeBSD.org">The &os; Documentation Project</holder>
    </copyright>

    <legalnotice id="trademarks" role="trademarks">
      &tm-attrib.freebsd;
      &tm-attrib.ibm;
      &tm-attrib.ieee;
      &tm-attrib.intel;
      &tm-attrib.microsoft;
      &tm-attrib.sparc;
      &tm-attrib.general;
    </legalnotice>

    <abstract>
      <para>The release notes for &os; &release.current; contain a summary
        of the changes made to the &os; base system on the
        &release.branch; development line.
        This document lists applicable security advisories that were issued since
        the last release, as well as significant changes to the &os;
        kernel and userland.
        Some brief remarks on upgrading are also presented.</para>
    </abstract>
  </articleinfo>

  <sect1 id="intro">
    <title>Introduction</title>

    <para>This document contains the release notes for &os;
      &release.current;.  It
      describes recently added, changed, or deleted features of &os;.
      It also provides some notes on upgrading
      from previous versions of &os;.</para>

<![ %release.type.current [

    <para>The &release.type; distribution to which these release notes
      apply represents the latest point along the &release.branch; development
      branch since &release.branch; was created.  Information regarding pre-built, binary
      &release.type; distributions along this branch
      can be found at <ulink url="&release.url;"></ulink>.</para>

]]>

<![ %release.type.snapshot [

    <para>The &release.type; distribution to which these release notes
      apply represents a point along the &release.branch; development
      branch between &release.prev; and the future &release.next;.
      Information regarding
      pre-built, binary &release.type; distributions along this branch
      can be found at <ulink url="&release.url;"></ulink>.</para>

]]>

<![ %release.type.release [

    <para>This distribution of &os; &release.current; is a
      &release.type; distribution.  It can be found at <ulink
      url="&release.url;"></ulink> or any of its mirrors.  More
      information on obtaining this (or other) &release.type;
      distributions of &os; can be found in the <ulink
      url="&url.books.handbook;/mirrors.html"><quote>Obtaining
      &os;</quote> appendix</ulink> to the <ulink
      url="&url.books.handbook;/">&os; Handbook</ulink>.</para>

]]>

    <para>All users are encouraged to consult the release errata before
      installing &os;.  The errata document is updated with
      <quote>late-breaking</quote> information discovered late in the
      release cycle or after the release.  Typically, it contains
      information on known bugs, security advisories, and corrections to
      documentation.  An up-to-date copy of the errata for &os;
      &release.current; can be found on the &os; Web site.</para>
  </sect1>

  <sect1 id="new">
    <title>What's New</title>

    <para>This section describes the most user-visible new or changed
      features in &os; since &release.prev;.</para>

    <para>Typical release note items document recent security
      advisories issued after &release.prev;, new drivers or hardware
      support, new commands or options, major bug fixes, or
      contributed software upgrades.  They may also list changes to
      major ports/packages or release engineering practices.  Clearly
      the release notes cannot list every single change made to &os;
      between releases; this document focuses primarily on security
      advisories, user-visible changes, and major architectural
      improvements.</para>

    <sect2 id="security">
      <title>Security Advisories</title>

      <para>Problems described in the following security advisories have
        been fixed.  For more information, consult the individual
        advisories available from
        <ulink url="http://security.FreeBSD.org/"></ulink>.</para>

      <informaltable frame="none" pgwide="0">
        <tgroup cols="3">
          <colspec colwidth="1*">
          <colspec colwidth="1*">
          <colspec colwidth="3*">
            <thead>
              <row>
                <entry>Advisory</entry>
                <entry>Date</entry>
                <entry>Topic</entry>
              </row>
            </thead>

            <tbody>
              <row>
                <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:01.lukemftpd.asc"
                              >SA-09:01.lukemftpd</ulink></entry>
                <entry>07&nbsp;January&nbsp;2009</entry>
                <entry><para>Cross-site request forgery in
                  &man.lukemftpd.8;</para></entry>
              </row>

              <row>
                <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:02.openssl.asc"
                              >SA-09:02.openssl</ulink></entry>
                <entry>07&nbsp;January&nbsp;2009</entry>
                <entry><para>OpenSSL incorrectly checks for malformed
                  signatures</para></entry>
              </row>

              <row>
                <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:03.ntpd.asc"
                              >SA-09:03.ntpd</ulink></entry>
                <entry>13&nbsp;January&nbsp;2009</entry>
                <entry><para>ntpd cryptographic signature
                  bypass</para></entry>
              </row>

              <row>
                <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:04.bind.asc"
                              >SA-09:04.bind</ulink></entry>
                <entry>13&nbsp;January&nbsp;2009</entry>
                <entry><para>BIND DNSSEC incorrect checks for
                  malformed signatures</para></entry>
              </row>

              <row>
                <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:05.telnetd.asc"
                              >SA-09:05.telnetd</ulink></entry>
                <entry>16&nbsp;February&nbsp;2009</entry>
                <entry><para>telnetd code execution
                  vulnerability</para></entry>
              </row>

              <row>
                <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:06.ktimer.asc"
                              >SA-09:06.ktimer</ulink></entry>
                <entry>23&nbsp;March&nbsp;2009</entry>
                <entry><para>Local privilege escalation</para></entry>
              </row>

              <row>
                <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:07.libc.asc"
                              >SA-09:07.libc</ulink></entry>
                <entry>04&nbsp;April&nbsp;2009</entry>
                <entry><para>Information leak in &man.db.3;</para></entry>
              </row>

              <row>
                <entry><ulink url="http://security.freebsd.org/advisories/FreeBSD-SA-09:08.openssl.asc"
                              >SA-09:08.openssl</ulink></entry>
                <entry>22&nbsp;April&nbsp;2009</entry>
                <entry><para>Remotely exploitable crash in
                  OpenSSL</para></entry>
              </row>
            </tbody>
        </tgroup>
      </informaltable>
    </sect2>

    <sect2 id="kernel">
      <title>Kernel Changes</title>

      <para>The &os; DTrace subsystem now supports a probe for
        process execution.</para>

      <para arch="amd64">The &os; kernel virtual address space has
        been increased to 6GB and the ceiling on the kmem map size
        to 3.6GB.  Note that the ceiling as a fraction of the kernel
        map size rather than an absolute quantity.</para>

      <sect3 id="boot">
        <title>Boot Loader Changes</title>

        <para>The &man.boot.8; now supports 4-byte volume ID that
          certain versions of &windows; put into the MBR and invoking
          PXE by pressing F6 key on some supported BIOSes.</para>

        <para>The &man.loader.8; is now able to obtain DHCP options
          via &man.kenv.2; variables in the case of network boot.</para>

        <para>A bug in the &man.loader.8; has been fixed.  Now the
          following line works as expected:</para>

        <programlisting>loader_conf_files="<replaceable>foo</replaceable> <replaceable>bar</replaceable> ${<replaceable>variable</replaceable>}"</programlisting>
      </sect3>

      <sect3 id="proc">
        <title>Hardware Support</title>

        <para>The &man.acpi.4; subsystem now supports a &man.sysctl.8;
          variable <varname>debug.batt.batt_sleep_ms</varname>.  On
          some laptops with smart batteries, enabling battery
          monitoring software causes keystrokes from &man.atkbd.4; to
          be lost.  This sysctl variable adds a delay in millisecond
          to the status checking code as a workaround.</para>

        <para>The &man.cpuctl.4; driver, which provides a special
          device <filename>/dev/cpuctl</filename> as an interface to
          the system CPU and functionality to retrieve CPUID
          information, read/write machine specific registers (MSR) and
          perform CPU firmware updates.</para>

        <sect4 id="mm">
          <title>Multimedia Support</title>

          <para>The &man.agp.4; now supports Intel G4X series graphics
            chipsets.</para>

          <para>The DRM, a kernel module named Direct Rendering
            Manager that gives direct hardware access to DRI clients,
            has been updated.  Support for AMD/ATI r500 and IGP based
            chips, XGI V3XE/V5/V8, and Intel i915 chipsets has been
            improved.</para>

          <para>The snd_au88x0(4) driver for Aureal Vortex
            1/2/Advantage PCI has been removed because this was
            broken for a long time.</para>

          <para>The &man.snd.hda.4; driver has been updated.  Changes
            include: multiple codec per HDA bus, multiple functional
            groups per codec, multiple audio devices per functional
            group, digital (SPDIF/HDMI) audio input/output,
            suspend/resume, and part of multichannel audio.</para>

          <para>Note that due to added HDMI audio and logical audio
            devices support, updated driver often provides several PCM
            devices.  In some cases it can make system default audio
            device no longer corresponding to the users's habitual
            audio connectors.  In such cases the default device can be
            specified in audio application setup or defined globally
            via <varname>hw.snd.default_unit sysctl</varname>
            as described in the &man.sound.4; manual page.</para>
        </sect4>

        <sect4 id="net-if">
          <title>Network Interface Support</title>

          <para>The ciphy(4) driver now supports Vitesse VSC8211
            PHY.</para>

          <para>A bug in &man.igb.4; driver which prevents a tunable
            <varname>hw.igb.ave_latency</varname> from working has
            been fixed.</para>

          <para>The &man.jme.4; driver now supports newer JMicron
            JMC250/JMC260 revisions.</para>

          <para>The &man.rl.4; driver has been improved.  A bug which
            prevents it from working on systems with more than 4GB
            memory has been fixed.</para>
        </sect4>
      </sect3>

      <sect3 id="net-proto">
        <title>Network Protocols</title>

        <para>The &man.jail.8; subsystem now supports start with a
          specific route FIB.</para>

        <para>The &man.ng.netflow.4; Netgraph node now supports
          ability to generate egress netflow instead or in addition to
          ingress.  A <literal>NGM_NETFLOW_SETCONFIG</literal> control
          message has been added to control the new functionality.</para>
      </sect3>

      <sect3 id="disks">
        <title>Disks and Storage</title>

        <para>The &man.ata.4; driver now supports Marvell PATA M88SX6121.</para>

        <para>An issue in the &man.gvinum.8; with access permissions
          to underlying disks used by a gvinum plex has been fixed.
          If the plex is a raid5 plex and is being written to, parity data might
          have to be read from the underlying disks, requiring them to be opened for
          reading as well as writing.</para>

        <para>The &man.mmc.4; and &man.mmcsd.4; driver now support MMC
          and SDHC cards, high speed timing, wide bus, and multiblock
          transfers.</para>

        <para>The &man.sdhci.4; driver has been added.  This supports
          PCI devices with class 8 and subclass 5 according to SD Host
          Controller Specification.</para>

        <para>The &man.mmc.4; &man.mmcsd.4;, and &man.sdhci.4; driver
          are now included as a kernel module.</para>
      </sect3>

      <sect3 id="fs">
        <title>File Systems</title>

        <para></para>
      </sect3>
    </sect2>

    <sect2 id="userland">
      <title>Userland Changes</title>

      <para>The &man.config.8; utility now supports
        multiple <varname>makeoption</varname> lines.</para>

      <para>The &man.du.1; utility now supports an <option>-l</option>
        flag.  When specified, the &man.du.1; counts a file with
        multiple hard links as multiple different files.</para>

      <para>The &man.fetch.1; utility now supports an
        <option>-i</option> flag which supports If-Modified-Since HTTP
        request.</para>

      <para>The &man.fsck.8; utility now supports a
        <option>-C</option> flag for catastrophic recovery mode, which
        will enable certain aggressive operations that can make
        &man.fsck.8; to survive with file systems that has very
        serious data damage, which is an useful last resort when on
        disk data damage is very serious and causes &man.fsck.8; to
        crash otherwise.</para>

      <para>A bug in the &man.ipfw.8; utility which displays extra
        messages for a NAT rule even when a <option>-q</option> flag
        is specified.</para>

      <para>A bug in the &man.netstat.1; utility has been fixed.  It
        crashed with the following options in the previous
        versions:</para>

      <screen>&prompt.user; netstat -m -N foo</screen>

      <para>The &man.powerd.8; program has been improved.  Changes
        include reasonable CPU load estimation on SMP systems and a
        new mode named as <literal>hiadaptive</literal> for AC-powered
        systems which rises frequency twice faster, drops it 4 times
        slower, prefers twice lower CPU load and has additional delay
        before leaving the highest frequency after the period of
        maximum load.</para>

      <para>The &man.strndup.3; function has been added.</para>

      <para>The &man.wc.1; utility now supports an <option>-L</option>
        flag to output the number of characters in the longest input
        line.</para>

      <para>A bug in the &man.rpc.yppasswdd.8; program which leaves a
        zombie process when a password or default shell is changed has
        been fixed.</para>

      <sect3 id="rc-scripts">
        <title><filename>/etc/rc.d</filename> Scripts</title>

        <para></para>
      </sect3>
    </sect2>

    <sect2 id="contrib">
      <title>Contributed Software</title>

      <para><application>ISC BIND</application> has been updated to
        version 9.4.3-P2.</para>

      <para>The timezone database has been updated from
        the <application>tzdata2008h</application> release to
        the <application>tzdata2009f</application> release.</para>
    </sect2>

    <sect2 id="ports">
      <title>Ports/Packages Collection Infrastructure</title>

      <para>A bug in the &man.pkg.create.1; which prevents the
        <option>-n</option> flag from working has been fixed.</para>
    </sect2>

    <sect2 id="releng">
      <title>Release Engineering and Integration</title>

      <para>The supported version of
        the <application>GNOME</application> desktop environment
        (<filename role="package">x11/gnome2</filename>) has been
        updated from 2.22 to 2.26.</para>

      <para>The supported version of
        the <application>KDE</application> desktop environment has
        been updated from 3.5.10 (<filename
        role="package">x11/kde3</filename>) to 4.2.2 (<filename
        role="package">x11/kde4</filename>).</para>
    </sect2>

    <sect2 id="doc">
      <title>Documentation</title>

      <para></para>
    </sect2>
  </sect1>

  <sect1 id="upgrade">
    <title>Upgrading from previous releases of &os;</title>

    <para arch="amd64,i386">Beginning with &os; 6.2-RELEASE, binary
      upgrades between RELEASE versions (and snapshots of the various
      security branches) are supported using the
      &man.freebsd-update.8; utility.  The binary upgrade procedure
      will update unmodified userland utilities, as well as unmodified
      GENERIC or SMP kernels distributed as a part of an official &os;
      release.  The &man.freebsd-update.8; utility requires that the
      host being upgraded have Internet connectivity.</para>

    <para>An older form of binary upgrade is supported through the
      <command>Upgrade</command> option from the main
      &man.sysinstall.8; menu on CDROM distribution media.  This type
      of binary upgrade may be useful on non-&arch.i386;,
      non-&arch.amd64; machines or on systems with no Internet
      connectivity.</para>

    <para>Source-based upgrades (those based on recompiling the &os;
      base system from source code) from previous versions are
      supported, according to the instructions in
      <filename>/usr/src/UPDATING</filename>.</para>

    <important>
      <para>Upgrading &os; should, of course, only be attempted after
        backing up <emphasis>all</emphasis> data and configuration
        files.</para>
    </important>
  </sect1>
</article>